virus logo Intrusion Prevention

TBK.DVR.SOSTREAMAX.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in TBK DVR-4104 and DVR-4216.
The vulnerability is due to insufficient validation of user-supplied input in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

description-logoOutbreak Alert

Threat Actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are conscripted into a botnet capable of conducting DDoS attacks.

View the full Outbreak Alert Report

affected-products-logoAffected Products

TBK DVR-4104 version prior to 20240412
TBK DVR-4216 version prior to 20240412

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-18 28.829
Modified
 Default_action:pass:drop
2024-05-14 27.787
New
ID 55717
Created May 07, 2024
Updated Aug 26, 2024
CVE ID
Tags TBK DVRs Botnet Attack Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 83.86%
Default Action drop
Active
Affected OS Other
Affected App Other
Profile Type OS Command Injection